QR codes are all around us. They offer a quick way to take part in surveys, download useful stuff, and visit websites of interest. After all, pointing your phone at a picture is far easier than typing in an annoyingly long URL. But their very convenience hides a significant drawback. With regular links, its possible show more ...
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly show more ...
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.
SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.
Attackers leaked 1.6TB of stolen data, which government officials dismissed as "fake news."
Eight months after the cyberattack, the cloud hosting services company's remediation costs top $10 million as it tries to repair the damage caused by the Play ransomware gang.
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.
Officials said the apps were used to "spread horrific content and misinformation to the public."
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.
Citrix issued a patch for the critical remote code execution bug in July for its NetScaler devices.
The social media giant is taking on Dragonbridge, the "largest known cross-platform covert influence operation in the world."
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.
Polish police on Sunday arrested two men suspected of illegally hacking into the national railway’s communications network, which destabilized traffic in some areas of the country this weekend.
Public-private cybersecurity councils urged the healthcare industry to be more expansive in sharing signs of hacking, warning that traditional indicators aren't enough to defend against modern cybersecurity threats.
The San Antonio, Texas, company's multi-million expenditure includes "costs to investigate and remediate, legal and other professional services, and supplemental staff resources that were deployed to provide support to customers."
A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
ReliaQuest has identified the top malware loaders that have been causing trouble for SOC teams. These loaders are often used by threat actors to gain initial access to a network and drop payloads for further exploitation. The top seven most observed malware loaders from January 1 to July 31, 2023, include QakBot, SocGholish, Raspberry Robin, Gootloader, Guloader, Chromeloader, and Ursnif.
"A wave of sending emails to architecture companies has been detected, although it is not ruled out that they extend their action to other sectors," reads the machine-translated police announcement.
IT leaders are grappling with anxiety over the risks of generative AI despite continued confidence in their software-as-a-service (SaaS) security posture, according to Snow Software.
Human rights organizations are sounding alarm about a United Nations cybercrime treaty being negotiated this week in New York, warning that the rules could expand government surveillance powers and give dictatorships further tools of repression.
Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model.
Social media companies and other businesses have an obligation to protect users’ publicly available information from data scrapers that gather it for unintended purposes, an international group of privacy regulators said last week.
Japan’s computer emergency response team (JPCERT) has recently observed a new attack technique, called ‘MalDoc in PDF’, that bypasses detection by embedding a malicious Word file into a PDF file.
Security researchers at Netenrich laid bare a previously misclassified strain of ransomware, TZW, as part of the Adhubllka ransomware family. Unlike other high-profile ransomware campaigns, TZW targets individuals and small businesses, demanding small ransoms ranging from $800 to $1,600. This study underscores how ransomware is intricately designed to confuse those seeking to counter cybercriminals.
With new Securities and Exchange Commission disclosure rules set to take effect in early September, a study from the EY Center for Board Matters shows director oversight of cybersecurity at Fortune 100 companies is rapidly evolving.
A security researcher discovered that it's possible to discover a target’s IP address by sending a link over the Skype mobile app. The researcher pointed out that the attack only requires the target to open the message.
Attackers are increasingly using backend PHP infections, making it more challenging to detect Magecart infections without access to the compromised website's backend code.
Cybersecurity professionals should focus on effectively defending their organizations against common breach types, rather than prioritizing compliance and checking boxes on audit forms.
MMRat uses customized command-and-control protocols and remains undetected on VirusTotal, highlighting its ability to evade detection and exploit large volumes of data transfer.
A group of young employees in Hyderabad ran a sophisticated scam using VOIP to target unsuspecting people in the U.S. and trick them into buying gift cards, which were then converted into cryptocurrency and Indian Rupees.
"The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security said in a report published last week.
Suspected Chinese hackers breached Japan’s cybersecurity agency and potentially accessed sensitive data stored on its networks for nine months before being discovered, it was reported on Tuesday.
The attacks' motivation was espionage, with the threat actor (tracked as UNC4841) engaging in targeted exfiltration from systems belonging to high-profile users in government and high-tech verticals.
The network typically posted praise for China and its Xinjiang province and criticisms of the United States, Western foreign policies, and critics of the Chinese government including journalists and researchers, the Meta report says.
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started.
Ubuntu Security Notice 6313-1 - It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that FAAD2 incorrectly handled certain show more ...
Red Hat Security Advisory 2023-4835-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.
Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system show more ...
Red Hat Security Advisory 2023-4828-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Grawlix version 1.5.1 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the show more ...
Mozilla Firefox only stores up to 1024 HSTS entries. When the limit is reached, Firefox discards entries based on their age and recent visits to the domain in question.
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared show more ...
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals show more ...
Ubuntu Security Notice 6310-1 - It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Red Hat Security Advisory 2023-4829-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit.
Ubuntu Security Notice 6309-1 - Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the HFS+ file show more ...
Ubuntu Security Notice 6308-1 - It was discovered that Libqb incorrectly handled certain messages. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Red Hat Security Advisory 2023-4834-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-4809-01 - The librsvg2 packages provide a Scalable Vector Graphics library based on the libart library.
ImgHosting version 1.2 suffers from a cross site scripting vulnerability.
imax CMS version 1.0 suffers from a remote SQL injection vulnerability.
i-Gallery version 3.4 suffers from a database disclosure vulnerability.
iBilling CRM version 4.5.0 suffers from add administrator and insecure direct object reference vulnerabilities.
Humhub version 1.3.13 suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2023-4817-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4814-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. "This development in the PhaaS ecosystem enables
Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could
Ask any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the organization. This burden on already resource-strapped security teams is an efficiency killer. A new study,
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security said in a report published last week. The latest report build onn recent findings from security
